-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-14:02.mmap                                           Errata Notice
                                                          The FreeBSD Project

Topic:          mmap should not coalesce stack entry

Category:       core
Module:         kernel
Announced:      2014-01-14
Credits:        Konstantin Belousov
Affects:        All supported versions of FreeBSD.
Corrected:      2013-12-30 08:57:54 UTC (stable/10, 10.0-PRERELEASE)
                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC4)
                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC3-p1)
                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC2-p1)
                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC1-p1)
                2013-12-30 09:04:06 UTC (stable/9, 9.2-STABLE)
                2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
                2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
                2014-01-14 19:33:28 UTC (stable/8, 8.4-STABLE)
                2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
                2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.   Background

The FreeBSD virtual memory system allows growing stack by mapping anonymous
memory region on top of a stack via mmap(2) system call with MAP_STACK bit
enabled in flags parameter.

II.  Problem Description

The FreeBSD virtual memory system tries to coalesce adjacent memory regions
into one single object when possible.  When growing the stack via mmap(2), it
will also try to coalesce the newly allocated memory into the existing object.
This would result in a failed assertion later in vm_map_stack(), which expects
that a new object is returned.

III. Impact

The system will panic when this happens.

IV.  Workaround

No workaround is available.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch
# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch.asc
# gpg --verify mmap.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/8/                                                         r260645
releng/8.3/                                                       r260647
releng/8.4/                                                       r260647
stable/9/                                                         r260082
releng/9.1/                                                       r260647
releng/9.2/                                                       r260647
stable/10/                                                        r260081
releng/10.0/                                                      r260122
- -------------------------------------------------------------------------

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:02.mmap.asc

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJS1ZSuAAoJEO1n7NZdz2rnsPoQAIFs/URebviZjkMpYJBTahwe
Lr50uJSZIlW2nMvi+urLJAB15fJm/WHDdHqp6+WHh5jjCozb45CoIxDFnP5UB4q8
oclsQtKrt4R1dBDEa3RZQoJEm6DIk1YhfAfUtJMhDpROlvWCbBMzZWJbVQec5j3E
iyhY1FIl/BD4KWFw/hDhJX5j4HQWA/oZDagx5WZFMsFapq5rOXkC/fq3YHkTJBeW
7YEvAyTuZoj9zBVJ28cEYr7+ULtJMphBdTEzAhFZSEegsM+qyMafTf2c54MdtWR0
pSgoh9i+cSXj444e4eeqLp6LwapW5YGIrKpAmBUwTECBg5F5915i2h8ddCnmJJSM
4Wq7bXJU6PGzFXTDUsAw9HB2HcCMU2EvVNhtM3wp7dSzojLpvrgEoRZKwanu32r1
cuN/awHUGA1fzoUkxMygzT5B44IX+9gyT8lJ4N+PfKGnSO00WY41XkLheDmpgf2b
euDrzTSwbupEp70lT45CW6DUlqPXpw0Fn5vyNYBvoaAXineqyvwMkQ6YZwoNmfiU
xv2zjY40RkOR8EJKi8L1moBQsfh/i6rtVQhDIHmAU/1VaYBE4zVXS5BYAlUaUJgw
3rc5ho+F2BB+YV+HeaWszjW+NVhiIswpccw4Js7O2HQUA9M2KEq2+DXRtNdEa8/j
miG/hWqsuoWjAcrQKjKw
=rOvi
-----END PGP SIGNATURE-----
